STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Tanium 7.x Application on TanOS Security Technical Implementation Guide

Version

V2R2

Benchmark ID

Tanium_7-x_Application_TanOS_STIG

Total Checks

75

Tags

application

CAT I: 0CAT II: 75CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (75)

V-254874MEDIUMThe Tanium max_soap_sessions_total setting must be explicitly enabled to limit the number of simultaneous sessions.V-254875MEDIUMThe Tanium max_soap_sessions_per_user setting must be explicitly enabled to limit the number of simultaneous sessions.V-254876MEDIUMThe Tanium Application Server console must be configured to initiate a session lock after a 15-minute period of inactivity.V-254877MEDIUMThe Tanium Server must be set to only allow connections from endpoints when TLS is used.V-254878MEDIUMTanium Trusted Content providers must be documented.V-254879MEDIUMContent providers must provide their public key to the Tanium administrator to import for validating signed content.V-254880MEDIUMTanium public keys of content providers must be validated against documented trusted content providers.V-254881MEDIUMThe Tanium Application Server must be configured to only use LDAP for account management functions.V-254882MEDIUMTanium Computer Groups must be used to restrict console users from affecting changes to unauthorized computers.V-254883MEDIUMDocumentation identifying Tanium console users, their respective User Groups, Computer Groups, and Roles must be maintained.V-254884MEDIUMThe Tanium application must be configured to use Tanium User Groups in a manner consistent with the model outlined within the environment's system documentation.V-254885MEDIUMDocumentation identifying Tanium console users and their respective Computer Group rights must be maintained.V-254886MEDIUMThe Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.V-254887MEDIUMThe Tanium documentation identifying recognized and trusted IOC streams must be maintained.V-254888MEDIUMTanium Threat Response must be configured to receive IOC streams only from trusted sources.V-254889MEDIUMThe Tanium documentation identifying recognized and trusted folders for Threat Response Local Directory Source must be maintained.V-254891MEDIUMThe Tanium documentation identifying recognized and trusted SCAP sources must be maintained.V-254892MEDIUMThe Tanium documentation identifying recognized and trusted OVAL feeds must be maintained.V-254893MEDIUMTanium Comply must be configured to receive SCAP content only from trusted sources.V-254894MEDIUMTanium Comply must be configured to receive OVAL feeds only from trusted sources.V-254895MEDIUMThe publicly accessible Tanium application must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the application.V-254896MEDIUMThe publicly accessible Tanium application must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.V-254897MEDIUMMultifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.V-254898MEDIUMThe Tanium application must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.V-254899MEDIUMThe Tanium application must be configured to send audit records from multiple components within the system to a central location for review and analysis of audit records.V-254900MEDIUMThe Tanium applications must provide the capability to filter audit records for events of interest based upon organization-defined criteria.V-254901MEDIUMAccess to Tanium logs on each endpoint must be restricted by permissions.V-254902MEDIUMThe Tanium application must prohibit user installation, modification, or deletion of software without explicit privileged status.V-254903MEDIUMThe Tanium cryptographic signing capabilities must be enabled on the Tanium Clients to safeguard the authenticity of communications sessions when answering requests from the Tanium Server.V-254904MEDIUMThe Tanium cryptographic signing capabilities must be enabled on the Tanium Server.V-254905MEDIUMFirewall rules must be configured on the Tanium Endpoints for Client-to-Server communications.V-254906MEDIUMFirewall rules must be configured on the Tanium Server for Client-to-Server communications.V-254907MEDIUMFirewall rules must be configured on the Tanium Zone Server for Client-to-Zone Server communications.V-254908MEDIUMThe Tanium Application Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.V-254909MEDIUMThe Tanium endpoint must have the Tanium Servers public key in its installation.V-254910MEDIUMThe Tanium application must enforce a minimum 15-character password length.V-254912MEDIUMTanium must enforce 24 hours/one day as the minimum password lifetime.V-254913MEDIUMThe Tanium application must enforce a 60-day maximum password lifetime restriction.V-254914MEDIUMThe Tanium Server certificates must have Extended Key Usage entries for the serverAuth object TLS Web Server Authentication and the clientAuth object TLS Web Client Authentication.V-254915MEDIUMThe Tanium application must be configured for LDAP user/group synchronization to map the authenticated identity to the individual user or group account for PKI-based authentication.V-254916MEDIUMThe Tanium application must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).V-254917MEDIUMThe Tanium application must separate user functionality (including user interface services) from information system management functionality.V-254918MEDIUMThe Tanium Server and Client applications must have logging enabled.V-254919MEDIUMThe Tanium application must restrict the ability of individuals to use information systems to launch organization-defined denial-of-service (DoS) attacks against other information systems.V-254920MEDIUMThe Tanium application must manage bandwidth throttles to limit the effects of information flooding types of Denial of Service (DoS) attacks.V-254921MEDIUMThe Tanium application must reveal error messages only to the ISSO, ISSM, and SA.V-254923MEDIUMTanium must notify system administrator (SA) and the information system security officer (ISSO) when accounts are created.V-254924MEDIUMTanium must notify system administrators (SAs) and the information system security officer (ISSO) when accounts are modified.V-254925MEDIUMTanium must notify system administrators (SAs) and the information system security officer (ISSO) for account disabling actions.V-254926MEDIUMTanium must notify system administrators (SAs) and the information system security officer (ISSO) for account removal actions.V-254927MEDIUMThe Tanium application must set an inactive timeout for sessions.V-254928MEDIUMThe Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions.V-254929MEDIUMTanium must notify the system administrator (SA) and information system security officer (ISSO) of account enabling actions.V-254930MEDIUMControl of the Tanium Client service must be restricted to SYSTEM access only for all managed clients.V-254931MEDIUMThe ability to uninstall the Tanium Client service must be disabled on all managed clients.V-254932MEDIUMThe permissions on the Tanium Client directory must be restricted to only the SYSTEM account on all managed clients.V-254933MEDIUMThe Tanium application must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.V-254934MEDIUMThe Tanium application must offload audit records onto a different system or media than the system being audited.V-254935MEDIUMThe Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.V-254936MEDIUMThe Tanium application must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.V-254938MEDIUMThe Tanium application must prohibit user installation of software without explicit privileged status.V-254939MEDIUMThe application must enforce access restrictions associated with changes to application configuration.V-254942MEDIUMFirewall rules must be configured on the Tanium module server to allow Server-to-Module Server communications from the Tanium Server.V-254943MEDIUMFirewall rules must be configured on the Tanium Server for Server-to-Module Server communications.V-254944MEDIUMFirewall rules must be configured on the Tanium Server for Server-to-Zone Server communications.V-254945MEDIUMThe SSLHonorCipherOrder must be configured to disable weak encryption algorithms on the Tanium Server.V-254946MEDIUMThe SSLCipherSuite must be configured to disable weak encryption algorithms on the Tanium Server.V-254947MEDIUMThe Tanium Server certificate must be signed by a DOD Certificate Authority.V-254948MEDIUMThe Tanium application must limit the bandwidth used in communicating with endpoints to prevent a denial of service (DoS) condition at the server.V-254949MEDIUMThe Tanium application must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).V-254950MEDIUMTanium must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.V-254951MEDIUMThe application must, at a minimum, offload interconnected systems in real time and offload standalone systems weekly.V-254952MEDIUMTanium Client processes must be excluded from on-access scan.V-254953MEDIUMTanium Client directory and subsequent files must be excluded from on-access scan.V-254954MEDIUMTanium endpoint files must be excluded from host-based intrusion prevention intervention.